Limitation of SSID WLC 2504 Hall admin

Hello

I want to start using admin Hall on 2504 WLC for guest WLAN SSID. I connected the loby of RADIUS administrator accounts and I am able to connect. But even I use local account or account of RADIUS, I can't select which WIFI SSID I want limit for new users of comments.

So what I'm missing? I see only "all WLAN", but I want to have just "guest_wifi" ssid. The reason is to limit admin lobby by selecting 'all wlan.

Thank you

Yes, I missed that, sorry for wasting your time, I just tested, the WLAN should has webauth in L3 security is in order, it see in the Hall admin page.

Tags: Cisco Wireless

Similar Questions

  • WLC 2504 cannot access the GUI...

    Hi all

    I'm not sure what I did wrong, the 2504 itself has only 4 ports and no port management but I heard it's actually port 1 (even if there are no labels for this). That's what I've done so far to try to access the GUI:

    in CLI mode, I have

    (1) put AP managament address like 10.151.55.129 255.255.255.224.

    (2) I have activated the adminmode on port 1, which I assume is management port and enabling admin mode is the same as "no shut" on switches I guess; Here is the command I entered:

    (Cisco Controller) config > adminmode port 1 turn on

    (3) enabled HTTPS/HTTP through commands:

    (Cisco Controller) config > activate network secureweb

    (Cisco Controller) config > activate network web-auth secureweb

    (Cisco Controller) config > network webmode enable

    (4) I then reset system and verify that the changes took place to help display the synthesis network, as shown below. I also activated mgmt via dynamic interface to see if it makes a difference:

    RF-network name... TEST_WIFI

    Web Mode.................................... Enable

    Secure Web view... Enable

    Secure Web Mode Cipher-Option high... Disable

    Secure Web SSLv2 Cipher-Option Mode... Disable

    Secure Web Mode RC4 Cipher preference... Disable

    OCSP........................................ People with disabilities

    Responder OCSP URL...

    Secure Shell (ssh)... Enable

    Telnet...................................... Disable

    Transfer Ethernet multicast... Disable

    Transfer of broadcast Ethernet... Disable

    Multicast/Broadcast AP mode... Address multicast: 225.225.225.225

    IGMP snooping... People with disabilities

    IGMP timeout... 60 seconds

    Interval between IGMP queries... 20 seconds

    MLD snooping... People with disabilities

    MLD timeout... 60 seconds

    Interval between MLD queries... 20 seconds

    Period of inactivity of the user... 300 seconds

    ARP timeout... 300 seconds

    Cisco AP by default Master... Disable

    Join AP priority... Disable

    Mgmt interface wireless... Disable

    Mgmt Via dynamic Interface... Enable

    Filter MAC bridge Config... Enable

    Safety of bridge mode... EAP

    Mesh full sector DFS... Enable

    Relief of AP... Enable

    Support CMCC Auth Web... People with disabilities

    Web Auth redirect Ports... 80.1

    Web Proxy Auth Redirect... Disable

    Bypass-Web Auth Captive... Disable

    Web secure Web Auth... Enable

    Quick change SSID... People with disabilities

    Discovery of the AP - IP NAT only... Activated

    IP/MAC Addr binding Check... Activated

    Status of CCX-lite... Disable

    oeap-600-WLAN-dual... Disable

    oeap-600 local-network... Enable

    mDNS snooping... People with disabilities

    mDNS interval between requests. 15 minutes

    (5) I installed my PORTABLE NIC to be 10.151.55.20 255.255.255.224 and connected to port 1 on wlc 2504; but I can't ping 10.151.55.29 nor do I navigate to https://10.151.55.29/. The port appears upwards (the flashing green lights on port 1 and Portable NIC also Flash).

    Any help would be appreciated

    If your connection to your laptop direct to port 1, then you have untagged the management vlan. Now you have configured for vlan 10, you must set to vlan 0.

    You will then be able to ping to the management interface and connect to it through the user interface.

    Sent by Cisco Support technique iPhone App

  • Cisco WLC 2504 with AIR-AP1131AG-A-K9

    Hello

    Can you help me for some info about AIR-AP1131AG-A-K9.

    I have a wlc 2504, but I don't know if the AIR-AP1131AG-A-K9-supported 2504 wlc.

    Can work this WLC 2504 with AIR-AP1131AG-A-K9 solution?

    If so, guide.

    Thank you very much

    Gezimv

    Check out this link. As long as you have software version 8.0.x 2504 version you can use 1131 AP with it. Nothing beyond software fate is more a series of support 1131.

    http://www.Cisco.com/c/en/us/TD/docs/wireless/compatibility/matrix/compatibility-matrix.html#56735

    HTH

    Rasika

    Pls note all useful responses *.

  • New authentication active directory on wlc 2504

    Hello

    There is problem with very often a new authentication for servers active directory. Every time only if:

    -loose client wlan/wifi because of the wifi hole or low RSSI

    -output of build for a while customer

    -wlan loose customer due to problem with homelessness (slow, not perfect)

    There is possibility to keep authenticated users? I had hope that options: sleep customer, max session timeout, max idle timeout

    help, but they do not work for me :(

    My access point (2702) are all in a group flexconnect. WLC 2504 (8.1.102.0). My security in WLAN config is:

    Layer2: wpa + wpa2, PSK

    Layer 3: web policy, authentication with LDAP servers + asleep on client

    I always try to improve the radio covers n fast roaming (11 k, r, v) but if someone leaves the area wifi, to do authenticated which is a little annoying...

    Thanks for any advice or an index

    Peter

    You want people who re - attach to your network for to re-authenticate.  It's a good thing.  We do not want people using the old credentials, or expose you to a security breach.

    This behavior is by design - and good.

  • Cisco WLC 2504 - Access Points do not reach the controller

    Hello world

    We bougth a Cisco WLC 2504 with two AIR-AP2702I-UXK9 Access Points. The problem is that the AP do not join the WLC.
    The output from 'show join ap stats' shows the following:

    (Cisco Controller) > view join ap stats summary all the

    Database Mac EthernetMac AP AP name IP address Status
    00:35: 1a: B1:A9:60 00:f2:8 b: f4:1 has: 9 c AP00f2.8bf4.1a9c 192.168.10.23 joined not
    00:35: 1a: C9:99:B0 00:f2:8 b: 77:b7:fc AP00f2.8b77.b7fc not joined 192.168.10.24

    (Cisco Controller) > show join ap 00:35:1 detailed stats to: b1:a9:60

    Synchronization phase statistics
    -For the synchronization request has received... Does not apply
    -For the synchronization completed... Does not apply

    Discovery phase statistics
    -Applications received discovered... 114
    -Answers success of discovery... 114
    -Discovery failure processing... 0
    -Purpose of the last unsuccessful attempt of discovery... Does not apply
    -Attempt to finally successful discovery time... 20:15:40.106 16 June
    -Discovery attempt ultimately unsuccessful time... Does not apply

    Join the live statistics
    -Join applications received... 57
    -Join sent successful responses... 57
    -Processing of the join request without success... 0
    -Purpose of the last unsuccessful attempt to join... Does not apply
    -Attempt to join finally managed time... 20:15:50.414 16 June
    -Join finally failed time... Does not apply

    Configuration phase statistics

    -Configuration requests... 114
    -Answers configuration successful... 0
    -Processing configuration failed... 57
    -Purpose of the last unsuccessful attempt to Setup... Invalid license in the application configuration
    -Attempt to finally successful configuration time... Does not apply
    -Time finally failed configuration attempt... 20:15:50.810 16 June

    Last the decryption of the AP details failure messages
    -Last message decryption failure reason... Does not apply

    Details of recent disconnection AP
    -Last AP connection failure reason... Does not apply
    -Last reason for disconnection AP... Unknown failure reason

    Latest summary join error
    -Type of error that occurred in the last... Application of configuration rejected LWAPP
    -Reason for the error that took place the last... Invalid license in the application configuration
    -Time which occurred the last error to join... 20:15:50.810 16 June

    Details of sign-out AP
    -Last AP connection failure reason... Does not apply
    Ethernet Mac: c 00:f2:8 b: f4:1 has: 9 Ip address: 192.168.10.23

    Would be grateful for the help.

    Best regards
    Marc

    Hi Marc,

    Make sure first that your controller has software code 8.0.x or above, if first better it. Here's the code recommended by TAC

    http://www.Cisco.com/c/en/us/support/docs/wireless/wireless-LAN-Controller-software/200046-TAC-recommended-AireOS.html

    Then, try the UX above deployment guide to begin. Under Advanced tab WLAN, you need to enable "of the first universal ap' in order to use this app provisioning & connect to the AP.

    If you have more than 1 AP, then you must start 1AP using this application. Other access points that you can feed them upward, while AP original is also powered, so they'll use protocal called NDP & start them automatically

    Let us know how it goes

    HTH

    Rasika

    Pls note all useful responses *.

  • Don't WLC 2504 media HA or not?

    We have Cisco WLC 2504 (software version: 7.3.101.0) in our network and management access 10 points, we are now trying to build High Availability (HA) in the WLAN settings. So I need details that this existing platform is capable of supporting HA.

    Required clarification as follows.

    1 support WLC 2504 HA?
    2. If the AP is supported if a license is required to enable it.
    3. What is prerequisite software to enable it.
    4 Setup guide to enable HA

    Attached: existing WLC BOMs

    HA PA SSO:

    http://www.Cisco.com/en/us/products/ps10315/products_tech_note09186a0080bd3504.shtml

    HA N + 1

    http://www.Cisco.com/en/us/docs/wireless/technology/hi_avail/N1_HA_Overview.html

    AP high availability

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml

    Thank you

    Scott

    Help others by using the rating system and marking answers questions as 'response '.

  • a WLC 2504 does support mobility with WiSM1 on the 6500 Series group

    If a WLC 2504 supports the mobility with WiSM1 on the 6500 Series group.

    Model: WLC 2504
    Software version: 7.3.101.0

    Model: WiSM1
    Software version: 7.x.x.x

    Yes and no.

    Yes, mobility is supported.

    No, because I don't personally recommend inter-controleur of roaming.  It is true when you are dealing with 4400/WISN-1.  This is even truer when you WLC running two (or more) different codes.

  • Cisco WLC 2504 internal DHCP does not work properly

    Hi all

    I m trials with a Cisco WLC 2504 and some APs of 1832. I set up a DHCP scope on the interface of the controller with 2

    a large number of different configurations, but the DHCP protocol does not work and Don t Access Point to obtain an IP address. My first question: is it possible to do DHCP for Access Points or only for wireless clients?

    These are my interfaces:

    Interface of the PA-Manager:

    My DHCP scope:

    Advanced DHCP:

    I forgot something? Is there anyone using DHCP for its access points?

    Thank you!

    Hello

    On Cisco WLC internal DHCP, you can add the option 43 to say where APs must register. In this case, they will try to resolve the DNS CISCO-CAPWAP-CONTROLLER or CISCO-LWAPP entry.

    Let me explain briefly how AP-Manager works on WLC:

    1. Boots of Access Point and sends a discovery request to the management interface of the controller using the intellectual property you configured as DHCP Option 43 (as described above, it can be resolved by the DNS entry)
    2. Controller, sends it a response discovered that contains the name of the system, addresses AP-Manager, the number of access points already connected to each interface AP-Manager and the overall capacity of the controller.
    3. Joints access point controller using the less loaded interface AP Manager.

    With this, every AP Manager must have a good configured interface and be connected to a different port, no LAG.

    I drop a post here sometimes there is which might help:

    https://supportforums.Cisco.com/document/118311/configuring-multiple-AP-...

    Thank you

    PS: Please do not forget to rate and score as correct answer if this answered your question

  • WLC 2504 with AP 1121 g

    Hey there,

    I have a problem, maybe you can help me.

    I want to join the FOLD of the AIR-AP1121G-E-K9 to a WLC 2504 with software version 7.4.x.

    In the compatibility matrix, I saw that it is only possible if the WLC has 7.0.x software version.

    So my questions are:

    1. Why is it needable to upgrade the 7.0.x to 7.4.x WLC?

    2. is it possible to join the AP1121G a WLC 2504 with 7.4.x version?

    3. What is the difference between version 7.0.x and 7.4.x

    I hope you can help me

    Yes.  That is right.  You need to downgrade the firmware of your WLC to 7.0.X to allow the APs 1100.

    Make sure that you back up your configuration before the downgrading of your firmware.

  • SG 300 and WLC 2504

    Someone in the community all managed to connect a controller wireless lan to a 300 SG? I know that the WLC 2504 needs to be connected to a switch L3, but also a gigabit ethernet port. I plan on upgrading the firmware of the SG300 to version 1.3.5.58. Since the 1st version seems to have some problems using L3 switching.

    Thank you

    -Bill

    The biggest drawback for most people is the VLAN tagging. The switch in many ways is like a switch in IOS, but it is not simply a switch of IOS.

    Just keep in mind that if you make a layer 3 VLAN (assigned IP address to the VLAN), if sure the default VLAN has first of all a static IP address then go to make interfaces VLAN additional.

    config t

    int vlan 1

    IP address 192.168.1.254/24 or anything else you want.

    Continue to add the IP address and VLAN

    config t

    database of VLAN

    VLAN 100

    int vlan 100

    IP address x.x.x.x /xx

    Then you can make the trunks, etc. for VLAN desired.

    config t

    int gi0/1

    switchport trunk allowed vlan add 100<- this="" will="" make="" the="" port="" vlan="" 1="" untagged,="" vlan="" 100="">

    Most people transitioning to this switch get caught up on these 2 things for some reason most any.

    If you need help to set up the switch, you can always call the HWC, they have 24 hour support (without contract) or you can always feel free to hit me up (free support too)

    -Tom
    Please mark replied messages useful

  • Recommended configuration of WLC 2504 SSID with AD

    Hello

    I would ask, what oyou d think that is now the best practices and recommended solution how to configure SSDID on 2504 WLC for the following scenario. I'm new to WLC and would like to secure network.

    -any type of customer must be supported (08/07/10 win, mac, linux, iOS, android, windows mobile)

    -authentication on Win 2012 R2 NPS as RADIUS

    -any requirement of certificate client (we don't want PKI configuration for now), we want to just WLC certificate as an authentication point

    is enough [WPA2] [Auth (802. 1 X + CCKM)] who will have radius configured?

    Thank you

    Well Yes, check these

    http://www.Cisco.com/c/en/us/support/docs/wireless-mobility/WLAN-Securit...

    http://www.Cisco.com/c/en/us/TD/docs/wireless/controller/4-2/configurati...

    Eat local point concerns small size as a small office deployments.

  • WLC 2504 several VLANs multiple SSID

    I have three sites

    Data center management unit A - main - controller + Access - Point IP 172.16.x.x - Vlan 38

    Unit B - system managed by controller IP 172.17.x.x - Vlan 38 Access Points

    Unit C - system managed by controller IP 172.18.x.x - Vlan 38 Access Points

    In the network topology OSPF runs. We have several VLANS about 38 we wish to propagate through SSID, but maybe I'm not create more than 16. How to make a movement of the user of a unit for unit B how do mention Vlan IP for the user because it is 38 Vlan spread on each unit.

    UNIT A - UNIT B - UNIT C

    |                            |                               |

    172.16.X.X 172.17.X.X 172.18.X.X

    |                            |                               |

    VLAN 2-38 VLAN 2-38 VLAN 2-38

    |                            |                               |

    AP-1                          AP-2                        AP-3

    |                               |                               |

    User to user-1 user-2-3

    Need of advice and suggestion

    Hello Saad,

    If I understand your scenario, you have 2-38 or 16 VLAN for each unit. To ensure exactly the addressing specific IP must be assigned to the user, you must create groups of AP and add AP group particular AP. Let's say for the 1st floor that you used the subnet 192.168.1.0/24 and AP-group1 so all the first floor AP will be in AP group1. In addition to browse documents cisco you will get any idea on AP groups concept.

    In order to obtain roaming when users move from one unit to another unit we configure mobility in the controller. As OSPF is already running then you have reach-ability between the controller.

    Hope this information helps you.

  • WLAN how can I use with Cisco WLC 2504

    I have two companies co-implantant and to decrease costs would like to implement a single Cisco WLC and separate traffic with the VLAN. I see that the controllers of the series Cisco WLC 2500 min supported number of WLAN: 5 and max: 75. That means actually? When I create more than 3 WLAN on a controller, the best practices page advises me against the use of more than 3 WLAN. Is it good to have more than 3 Wireless LANs, and what are the penalties to do?

    5 and 75 are the number of points WLC can support access light weight.

    By default, 2504 can manage up to 5 access points. You can increase this number up to 75 by adding the new license.

    Also, it can support up to 16 different WLANs (SSID)

    FC

  • WLC 2504 max AP support

    Hi all

    Anyone know what is the maximum number of points of access supported by Cisco 2504 WLC?

    According to the data sheet's 75:

    http://www.Cisco.com/en/us/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

    But according to the config guide, is 50:

    http://www.Cisco.com/en/us/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_01.html#ID263

    I believe that the correct number is 50, but I just want to be sure.

    Is this a limitation of the software?

    Yes, until 7.3 code only 50 APs are supported. 75 aPs are supported with 7.4 code.

  • Create multiple SSID - WLC - ISE 1.4 comments

    Hello

    I wonder if there is a way to create several comments about WLC SSID with specify policy on ISE 1.4?

    I tried to create 2 comments SSID with 2 policies. The point is that it is the first policy that matches any SSID.

    Any idea?

    Concerning

    Eric

    Add airespace-wlan-id to your strategy on the ISE, ISE will use the WLAN-id to match the correct strategy

Maybe you are looking for